KIT | KIT-Bibliothek | Impressum | Datenschutz

Attack Surface Reduction for Web Services based on Authorization Patterns

Steinegger, Roland H.; Schäfer, Johannes; Vogler, Max; Abeck, Sebastian

During the design of a security architecture for a web application, the usage of security patterns can assist with fulfilling quality attributes, such as increasing reusability or safety. The attack surface is a common indicator for the safety of a web application, thus, reducing it is a problem during design. Today’s methods for attack surface reduction are not connected to security patterns and have an unknown impact on quality attributes, e.g., come with an undesirable trade-off in functionality. This paper introduces a systematic and deterministic method to reduce the attack surface of web services by deriving service interface methods from authorization patterns. We applied the method to the Participation Service that is part of the KIT Smart Campus system. The resulting RESTful web services of the application are presented and validated.

Open Access Logo

Volltext §
DOI: 10.5445/IR/1000050251
Zitationen: 1
Cover der Publikation
Zugehörige Institution(en) am KIT Institut für Telematik (TM)
Publikationstyp Proceedingsbeitrag
Publikationsjahr 2014
Sprache Englisch
Identifikator ISBN: 978-1-61208-376-6
ISSN: 2162-2116
KITopen-ID: 1000050251
Erschienen in SECURWARE 2014, The Eighth International Conference on Emerging Security Information, Systems and Technologies, November 16 - 20, 2014, Lisbon, Portugal. Ed.: R. Falk
Verlag IARIA
Seiten 194-201
Schlagwörter security pattern, attack surface, authorization, web service, rest
Nachgewiesen in Scopus
KIT – Die Forschungsuniversität in der Helmholtz-Gemeinschaft
KITopen Landing Page